Identifying an object and information about the object, authenticating that the information and the object are genuine, and authorizing who can access the information are major organizational and individual challenges in the digital economy. In addition, it is critical that security and privacy are preserved during flow of the information among an authorized entity, the object, and an information system holding the identity of, and the information about, the object. Preventing unauthorized access, use, disclosure, disruption, modification, inspection, recording, or destruction of information is critical in all business and personal transactions.
There are various ways that an object can be identified. Some of these include associating the object with a barcode, radio frequency identification (RFID) device, or a magnetic stripe, as employed on credit/debit/ATM cards, etc. All of these methods connect a physical object to information systems.
The barcode gives a name to any object and allows automatic capture of that name through various scanning devices, also known as scanners or readers. The readers may detect return laser light scanned across the barcode, or may capture return light from the barcode as an image. In barcode symbology, an object may be identified by a series of elements of different light reflectivity printed on a label. The elements are spaced apart widthwise of the label along a horizontal direction to form a one-dimensional (1D) barcode or symbol. The elements may be configured as rectangular bars having variable widths and spaced apart from one another to form other elements, i.e., spaces, which also have variable widths. The heights of the bars and spaces in the 1D barcode carry no information. The printed bars are typically colored with a foreground color, typically black, while the spaces are colored with a contrasting background color, typically white. The particular layout of the bars and spaces, as well as the sizes of the widths of the bars and spaces, describe one of many different schemes or symbologies in which the identification data is encoded and decoded. To encode additional information, a plurality of 1D barcodes may be stacked along the vertical direction, or a combination of the elements may be arranged along both the horizontal and vertical directions to encode the additional information to form a two-dimensional (2D) barcode or symbol. In an earlier disclosure, U.S. patent application Ser. No. 15/338,584, whose disclosure is hereby incorporated herein by reference thereto, a 5-dimensional barcode was described that can carry significant more information than either a 1D or a 2D barcode.
RFID involves a small chip and an antenna to provide identification of an object. The chip may carry data of up to 2,000 or more bytes. In this respect, it has the capability of storing more data than a barcode. The RFID device or tag serves the same purpose as a barcode or a magnetic stripe and provides a unique identifier for that object. Just as a barcode must be scanned to retrieve the information, the RFID device must be scanned or read by an RFID reader to retrieve the identifying information. However, the RFID tag does not need to be in the line of sight relative to the scanner and can work within several feet of the scanner.
The magnetic stripe stores data by modifying the magnetism of tiny iron-based magnetic particles on a band of magnetic material on the card. The magnetic stripe card, sometimes also called a swipe card or magstripe, is read by swiping past a magnetic reading head. Magstripe may also contain an RFID device, a transponder device, and/or a microchip. Such cards are mostly used for business premises access control or electronic payment. Obviously, credit/debit/ATM cards must be swiped through a special reader to retrieve the stored data.
However, none of these identification technologies can serve to prevent counterfeiting of products or objects. For example, 1D and 2D barcodes printed on labels are read by specialized electro-optical readers for product identification. RFID tags are affixed to products and are interrogated by specialized RFID readers. Magnetic stripes and holograms are also read by specialized card readers.
Most of these identification techniques, however, can be easily duplicated and defeated by counterfeiters. For example, printed barcoded and RFID tags can be easily duplicated or copied and can be tampered with by unscrupulous parties. Barcodes, RFID tags, and other identification technologies can identify, but not authenticate, an associated object. Holograms can be reverse-engineered. Magnetic stripe data can be easily read and reused. These identification technologies are generic, and any generic technology can be copied, duplicated, or reverse-engineered, thereby compromising their anti-counterfeiting function. In addition, most known anti-counterfeiting techniques require either specialized proprietary readers, depend on the knowledge of users, or need to be analyzed in a laboratory setting.
In U.S. Pat. No. 9,082,062 B2 whose disclosure is hereby incorporated herein by reference thereto, a method of authenticating an object was described that creates an authentication pattern signature for the object to be authenticated, associating a random distribution of three-dimensional (3D) elements with the object, aiming a portable, handheld, image capture device at the object to capture return light from the elements as one or more images, verifying from the image(s) that the elements are three-dimensional, processing the image(s) to generate an image pattern of the elements, comparing the image pattern with the authentication pattern signature, and indicating that the object is authentic when the image pattern matches the authentication pattern signature. Further details of an exemplary tag, system and method of authenticating articles in situ are disclosed in said patent.
As shown in FIG. 1, an authentication system 100 may include a label or tag 10 affixed to an object 12 in situ. The tag 10 is thus associated with the object 12 to be authenticated, and any object may be authenticated. Preferably, the tag 10 has a substrate, e.g., paper, foil, or film, and an adhesive layer 20 on the underside of the substrate is employed for adhering the tag 10 to the object 12. The tag 10 has a first dataset 14 configured as a random distribution of three-dimensional (3D) elements P1, P2, P3, P4, P5, P6 and P7 on the tag 10, and a second dataset 16 configured as data elements on the tag 10. The data elements of the second dataset 16 are preferably also affixed to the tag, either adjacent to, or superimposed on, the first dataset 14. The data elements are machine-readable, for example, they can be light-reflective. Advantageously, the second dataset 16 is a barcode symbol printed on the tag, but could also be a serial number of alphanumeric characters, or a radio frequency identification (RFID) tag, or a magstripe.
The 3D elements comprising the first dataset 14 are configured as a plurality of light-modifying particles and/or bubbles that can have any shape, color, material, interior structure (hollow or solid), or size. Such 3D elements may have characteristic colors for subsequent image processing and analysis. The 3D elements may be applied to the tag 10, e.g., either by being ink jet-printed on the tag, or by being applied in a curable medium 18 on the tag, or by being adhered to the tag. The 3D elements may also be applied or adhered directly to the object 12, or may be applied or adhered directly to a card or tag remote from the object 12. The light-modifying particles are either optically reflective or retro-reflective, or scattering, or absorptive over one or more different wavelengths to exhibit different colors.
The 3D elements can be of any number and can be configured with different geometrical shapes, such as rectangular, triangular, circular, or oval areas, on the tag. The 3D elements can be mutually spaced apart or contact one another. The 3D elements can be deposited in a single layer or in multiple layers on the tag, or can be partially or fully embedded in the medium 18, and may be overlaid with a transparent overcoat for protection.
A portable, handheld, mobile device is preferably an image capture device that is preferably aimed at the first and second datasets 14, 16 to capture return light from the 3D elements and the machine-readable data elements. The return light from the datasets can be captured simultaneously or consecutively. Advantageously, the image capture device is a mobile electronic device having a solid-state imaging module of the type conventionally found in consumer electronic digital cameras. The mobile electronic device is typically a cellular telephone or smart phone that has a built-in imaging module, but can also be a personal digital assistant (PDA), a tablet, a smart watch, a pair of smart glasses, a computer, an e-reader, a media player, or like electronic device having a built-in imaging module, especially one that is normally readily at hand to the average user. No special skill set is required for the user to capture the return light from the 3D elements and the data elements by simply taking one or more images or pictures of the 3D elements and the data elements. If the second dataset is in the form of an RFID chip embedded in the tag, then the same mobile device that captures the image(s) of the first dataset of 3D elements may also read the data stored in the RFID chip since most image-based mobile devices now also have built-in RFID readers.
The authentication pattern signature for the object may be stored in an addressable database remotely from the object. The database stores a multitude of other authentication pattern signatures for other objects. When read, the second dataset 16 serves as an address identifier that identifies an address for the authentication pattern signature in the remote database, thereby enabling the database to be interrogated only at that address, rather than having to interrogate every authentication pattern signature in the database. This greatly accelerates object authentication and improves field performance. In another embodiment, the authentication pattern signature for the object, or at least part of the authentication pattern signature, is locally stored on the object, preferably as part, or the entirety, of the second dataset 16 on the tag. Advantageously, the second dataset 16 may be a two-dimensional barcode symbol printed on the tag, or data stored in an RFID chip embedded in the tag. When the second dataset 16 is read by the same image capture device that read the first dataset 14, the image pattern is quickly compared with the locally stored part of the authentication pattern signature, thereby even further accelerating article authentication performance.
The data elements are machine-readable, for example, they can be light-modifying, as described above, or can be readable by the built-in RFID reader. When the data elements reflect and absorb light, the same image capture device that captured return light from the first dataset 14 can be used to capture light from the second dataset 16.
As mentioned above, no two objects 12 can have the same exact first dataset 14. Identifying and authenticating the object 12, or any other article of commerce, such as a document, an 1D card, a payment card, verifies the genuineness of the object and the trust between two interacting parties, e.g. between the consumer and the branded object, or between the organization issuing the object and the prospective recipient of the object.
In certain situations, it is required and advisable that only some users and only some electronic devices have access to the information associated with the datasets 14 and 16. While the electronic device equipped with the imaging module may read the barcode or the RFID tag encoded in the second dataset 16, the associated information content and the information encoded in the first dataset 14 must not be divulged to unauthorized devices, organizations, or individuals. For example, if a customer has purchased an expensive painting from a fine art auction entity that has a tag 10 affixed to it, the owner alone may like to authenticate the painting after acquisition of the painting in addition to the auction house. If such a painting is stolen and then recovered, the owner may claim that the painting indeed belongs to him/her because only his electronic device has the authorization to scan the tag 10.
Another example of limiting the access is that of an article of value that has the tag 10 affixed to it in order to assure the authenticity of the object. If it is delivered to an individual or organization, the sending party may like to make sure that the authentic object has been received by the said individual only. Only the authorized electronic device of the receiving party may scan/read the object, authenticate it, and acknowledge it. If other electronic devices scan/read the object, the acknowledgement must fail.
Still another example can be will or trust documents that may be set up by an individual. To assure that the will or trust documents cannot be forged, a tag 10 is affixed to each such document. The writer of the will and trust may limit access to who can authenticate the document to the trustee's electronic device or electronic devices of the individuals who are the beneficiaries named in the will or trust.
Still another example can be ATM, ID, or payment cards. There have been numerous cases of counterfeiting such cards. Most cards now incorporate an electronic chip on the card known as an EMV (Europay, MasterCard, and Visa) chip to prevent counterfeiting. Using an EMV chip+PIN (Personal Identification Number) at a physical point of sale (POS) location reduces card-present (CP) fraud significantly, but does not address the fraudulent use of payment data when there is no direct connection between the chip reader and the card, such as when the data is entered into an e-commerce application. Such fraud, termed card-not-present (CNP) fraud, remains an increasing problem. In order to assure that such transactions cannot be forged, the tag 10 can be affixed to, or embedded in, each such card.
For CNP transactions, the card holder may input the credit card information into e-commerce sites as is current practice and may capture the image of the associated fingerprint tag 10 and/or may read the second dataset, by using a smart phone. Software verifies from the image(s) that the elements are 3D. The captured fingerprint information in CNP transactions is encrypted and then double authenticated with the encrypted fingerprint information stored in the remote database, assuring that counterfeit cards cannot be used in any transaction at any location. If the authorization to scan the tag 10 is only limited to the card holder's smart phone or another mobile electronic device, then it guarantees that no fraudulent CNP transaction can proceed. Since the captured fingerprint information in all transactions and the stored fingerprint in the remote database are encrypted, man-in-the-middle attacks are also not possible.
There are a number of other cases where it is essential that the authorization to scan and the access to stored information about the document, object, or article of commerce should be limited to an individual, an entity, or a few people. In addition, some authorized users may have only partial authorization to access some of the information, but not the entire information, about an object.